Limited Black Friday Offer:

Popup by Supsystic < 1.10.5 - Reflected Cross-Site scripting (XSS) CVE-2021-24275 Scanner

Remote attacker can perform a reflected cross site scripting attack (XSS) by injecting malicious payload.

Short Info

Level

Medium

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Url

Parent Category

Popup by Supsystic < 1.10.5 - Reflected Cross-Site scripting (XSS) CVE-2021-24275 Scanner Detail

The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue

http://packetstormsecurity.com/files/164311/WordPress-Popup-1.10.4-Cross-Site-Scripting.html
https://wpscan.com/vulnerability/efdc76e0-c14a-4baf-af70-9d381107308f